From 0fba4e28de2d0b5b8a262f512b65e487ded0c6e1 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 12 Jul 2018 22:19:21 +0530
Subject: raise valueerror for null x25519 derived keys (#4332)
* raise valueerror for null x25519 derived keys
OpenSSL errors when it hits this edge case and a null shared key is bad anyway so let's raise an error
* empty commit
---
 src/cryptography/hazmat/backends/openssl/x25519.py | 6 +++++-
 tests/hazmat/primitives/test_x25519.py | 17 +++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/cryptography/hazmat/backends/openssl/x25519.py b/src/cryptography/hazmat/backends/openssl/x25519.py
index 5599c2fd..983ece6a 100644
--- a/src/cryptography/hazmat/backends/openssl/x25519.py
+++ b/src/cryptography/hazmat/backends/openssl/x25519.py
@@ -71,5 +71,9 @@ class _X25519PrivateKey(object):
 self._backend.openssl_assert(keylen[0] > 0)
 buf = self._backend._ffi.new("unsigned char[]", keylen[0])
 res = self._backend._lib.EVP_PKEY_derive(ctx, buf, keylen)
- self._backend.openssl_assert(res == 1)
+ if res != 1:
+ raise ValueError(
+ "Null shared key derived from public/private pair."
+ )
+
 return self._backend._ffi.buffer(buf, keylen[0])[:]
diff --git a/tests/hazmat/primitives/test_x25519.py b/tests/hazmat/primitives/test_x25519.py
index 22a0ae66..381be201 100644
--- a/tests/hazmat/primitives/test_x25519.py
+++ b/tests/hazmat/primitives/test_x25519.py
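Review bot: In src/cryptography/hazmat/backends/openssl/x25519.py the new `if res != 1:` branch treats every failure of `EVP_PKEY_derive` as an all-zero shared secret, but the visible lines only establish that the call did not return 1. With `openssl_assert` removed, nothing in the hunk drains the OpenSSL error queue on this path, so if the library queued an entry (the commit message says OpenSSL errors here) it may be left behind for a later, unrelated check on the same thread; calling `self._backend._consume_errors()` before the `raise` would avoid that. The method would also benefit from a docstring line stating that `exchange` raises `ValueError` for such peer keys, so callers abort the key agreement instead of treating it as an internal fault. The method starts above the hunk, so earlier setup and any existing docstring are not visible.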
@@ -76,6 +76,23 @@ class TestX25519Exchange(object):
 assert computed_shared_key == shared_key
+ def test_null_shared_key_raises_error(self, backend):
+ """
+ The vector used here is taken from wycheproof's x25519 test vectors
+ """
+ public = binascii.unhexlify(
+ "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157"
+ )
+ private = binascii.unhexlify(
+ "78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296"
+ )
+ private_key = X25519PrivateKey._from_private_bytes(
+ private
+ )
+ public_key = X25519PublicKey.from_public_bytes(public)
+ with pytest.raises(ValueError):
+ private_key.exchange(public_key)
+
 # These vectors are also from RFC 7748
 # https://tools.ietf.org/html/rfc7748#section-6.1
 @pytest.mark.parametrize(
-- cgit v1.2.3
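Review bot: The docstring of `test_null_shared_key_raises_error` names the source of the vector but not the property under test; a line such as `"""A public value that yields an all-zero shared secret must make exchange() raise."""` would tell a maintainer why `ValueError` is expected. That the vector produces an all-zero secret is inferred from the test name and the commit message, not shown in the hunk. The test pins a single vector; if the Wycheproof set holds further public values with the same outcome, a `@pytest.mark.parametrize` over them would cover the rejection path more thoroughly. The enclosing class TestX25519Exchange continues outside the hunk.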